Apache Security - Ivan Ristic [232]
application enumeration, Enumerating applications
configuration problems, Probing for common configuration problems
configuration review, Reviewing the web server configuration
default location searching, Examining default locations
exceptional requests response, Examining responses to exceptional requests
identifying the application server, Identifying the application server
identifying the server, Identifying the web server
SSL, Testing SSL
vulnerabilities, probing known, Probing for known vulnerabilities
status monitoring, Web Server Status, Web Server Status, Web Server Status, Web Server Status, Fetching and storing statistics, Graphing, Using the scripts, Using the scripts, mod_watch
graphing, Graphing
mod_status module, Web Server Status, Using the scripts
mod_watch third-party module, mod_watch
RRDtool, Web Server Status
scripts for, Using the scripts
SNMP, Web Server Status
statistics, fetching and storing, Fetching and storing statistics
web site for book, Online Companion
WebDAV (Web Distributed Authoring and Versioning), Limiting request methods, WebDAV
WebGoat learning environment, WebGoat
WebMaven learning environment, WebMaven
WebScarab web application security tool, Web Application Security Tools
X
XSS (cross-site scripting) attacks, Cross-Site Scripting, Cross-Site Scripting, XSS attack resources, Cross-site scripting attacks, Cross-site scripting attacks
consequences, Cross-Site Scripting
detecting, Cross-site scripting attacks
resources for, XSS attack resources
warning patterns, Cross-site scripting attacks
About the Author
Ivan Ristic is a web security specialist and the author of ModSecurity, an open source intrusion detection and prevention engine for web applications. He is the founder of Thinking Stone, which offers products and services related to web application security. Ivan spends his time thinking about web application security, web intrusion detection, and security patterns. Prior to moving to the computer security field, Ivan spent a number of years working as a developer, system architect, and technical director in the software development industry.
Ivan wrote Apache Security for O'Reilly, a concise yet comprehensive web security guide for administrators, system architects, and programmers. An active participant in the web application security community, Ivan is a member of the Web Application Security Consortium, OASIS, and the PHP Security Consortium.
Colophon
Our look is the result of reader comments, our own experimentation, and feedback from distribution channels. Distinctive covers complement our distinctive approach to technical topics, breathing personality and life into potentially dry subjects.
The animal on the cover of Apache Security is an Arabian horse (Equus caballus). Thousands of years ago, Bedouin tribes of the Arabian Peninsula (now comprising Syria, Iraq, and Iran) began breeding these horses as war mounts. Desert conditions were harsh, so Arabian horses lived in close proximity to their owners, sometimes even sharing their tents. This breed, known for its endurance, speed, intelligence, and close affinity to humans, evolved and flourished in near isolation before gaining popularity throughout the rest of the world.
The widespread enjoyment of Arabians as pleasure horses and endurance racers is generally attributed to the strict breeding of the Bedouins. According to the Islamic people, the Arabian horse was a gift from Allah. Its broad forehead, curved profile, wide-set eyes, arched neck, and high tail are distinct features of the Arabian breed, and these characteristics were highly valued and obsessed over during the breeding process. Because the Bedouins valued purity of strain above all else, many tribes owned only one primary strain of horse. These strains, or families, were named according to the tribe that bred them, and the genealogy of strains was always traced through the dam. Mythical stories accompanied any recitation of a substrain's genealogy. The daughters and granddaughters of legendary mares